
grouper-users - Re: [grouper-users] LDAPPCNG Subject Identifiers

Subject: Grouper Users - Open Discussion List

  • From: Tom Zeller
  • To: Richard James
  • Cc: grouper users list
  • Subject: Re: [grouper-users] LDAPPCNG Subject Identifiers
  • Date: Fri, 11 Feb 2011 09:46:11 -0600

If I understand correctly, in ldappc-resolver.xml, you will want to
search for members using your SAMA attribute:

<resolver:DataConnector id="SpmlDataConnector" ...
    <resolver:Dependency ref="MemberDataConnector" />
    <ldappc:FilterTemplate>(cn=${SAMA.get(0)})</ldappc:FilterTemplate>
</resolver:DataConnector>

You will need to declare the SAMA attribute in the MemberDataConnector:

<resolver:DataConnector id="MemberDataConnector"
                        xsi:type="grouper:MemberDataConnector">
    <grouper:Attribute id="groups" />
    <grouper:Attribute id="SAMA" source="jdbcX" />
</resolver:DataConnector>

I wrote jdbcX, since I'm not sure which source adapter you wish to
use. Multiple <Attribute id="" source="" /> elements are allowed.

The MemberDataConnector returns only the declared attributes (using
<Attribute id="" source="" />) of a Member to avoid unnecessary
queries.

Does this help?
TomZ

On Fri, Feb 11, 2011 at 8:43 AM, Richard James wrote:
> Hi,
>
> Hopefully this will be a nice simple query to help with, and apologies if
> this has already been discussed/documented elsewhere.
>
> We have been using LDAPPC for the past 4 months or so and have successfully
> been provisioning groups and memberships into our Active Directory. To do
> this we provision our subjects using a subject attribute we defined in our
> sources.xml file called SAMA. With LDAPPC we were able to configure in the
> LDAPPC.xml file to use the SAMA attribute when searching in the Active
> Directory.
>
> I have been installing LDAPPCNG and have been able to provision groups into
> the AD, but when we provision the memberships it uses the default subject
> ID, which unfortunately means that it will not be able to find a match
> against the CN attribute in the AD. If we change the subject id to a format
> which matches the CN attribute in the AD it will successfully provision the
> membership.
>
> See the response we get from running bulkCalc, which shows trying to
> provision the 2 different formats of subject ID.
>
> <ldappc:calcResponse status='failure'
> requestID='2011/02/11-14:24:26.644_QUBG45LX' error='noSuchIdentifier'>
>    <errorMessage>Unable to calculate provisioned object.</errorMessage>
>    <ldappc:id
> '/>
>  </ldappc:calcResponse>
>  <ldappc:calcResponse status='success'
> requestID='2011/02/11-14:24:26.699_QUBG45L0'>
>    <ldappc:id ID='nrj17'/>
>    <ldappc:pso entityName='member'>
>      <psoID ID='cn=nrj17,ou=Staff Users,ou=Campus
> Users,dc=campus,dc=ncl,dc=ac,dc=uk' targetID='ldap'/>
>    </ldappc:pso>
>  </ldappc:calcResponse>
> </ldappc:bulkCalcResponse>
>
> Would you be able to point me in the right direction of where you can
> change the subject identifier that LDAPPCNG will use when provisioning
> memberships i.e. for it to use the SAMA attribute? I have attempted to
> amend the Ldappc-resolver.xml but with no success. I have attached
> sanitized versions of some of our Ldappc config files.
>
> Thanks
>
> Richie
>
>
>
>
>
> Richard James
> Infrastructure Systems Administrator
> ISS Systems Architecture
> Newcastle University


